[OSSA 2013-010] Nova uses insecure keystone middleware tmpdir by default (CVE-2013-2030)
OpenStack Security Advisory: 2013-010
CVE: CVE-2013-2030
Date: May 9, 2013
Title: Nova uses insecure keystone middleware tmpdir by default
Reporter: Grant Murphy (Red Hat), Anton Lundin
Products: Nova
Affects: Folsom, Grizzly

Description:
Grant Murphy from Red Hat and Anton Lundin both independently reported a vulnerability in Nova's default location for the Keystone middleware signing directory (signing_dir). By previously setting up a malicious directory structure, an attacker with local shell access on the Nova node could potentially issue forged tokens that would be accepted by the middleware. Only setups that use the default value for signing_dir are affected. Note that future versions of the Keystone middleware will issue a warning if an insecure signing directory is used.

Havana (development branch) fix:
https://review.openstack.org/#/c/28568/

Grizzly fix:
https://review.openstack.org/#/c/28569/

Folsom fix:
https://review.openstack.org/#/c/28570/

References:
https://bugs.launchpad.net/nova/+bug/1174608
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2030

--
Thierry Carrez (ttx)
OpenStack Vulnerability Management Team
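An operator-side audit of a configured signing_dir, as an added example that is not part of the advisory or of OpenStack's code. The function name and finding labels are hypothetical, and treating "secure" as "a real directory owned by the service user with no group or other permission bits" is an assumption made for this example.

```python
import os
import stat
import tempfile


def audit_signing_dir(path, expected_uid=None):
    """Return a list of findings for a Keystone middleware signing_dir.

    An empty list means the path is a real directory owned by the service
    user with no group/other access, so no other local user could have
    prepared or altered its contents (assumed definition of "secure").
    """
    uid = os.geteuid() if expected_uid is None else expected_uid
    try:
        st = os.lstat(path)  # lstat: never follow a symlink planted at the path
    except FileNotFoundError:
        # A path that does not exist yet can be pre-created by any local
        # user when its parent is writable by everyone (a shared tmp dir).
        parent = os.path.dirname(os.path.abspath(path))
        if os.stat(parent).st_mode & stat.S_IWOTH:
            return ["missing-in-world-writable-parent"]
        return ["missing"]
    if stat.S_ISLNK(st.st_mode):
        return ["is-symlink"]
    if not stat.S_ISDIR(st.st_mode):
        return ["not-a-directory"]
    findings = []
    if st.st_uid != uid:
        findings.append("wrong-owner")
    if st.st_mode & 0o077:
        findings.append("group-or-other-access")
    return findings


if __name__ == "__main__":
    # Constructed demo paths: one private directory, one open to all users,
    # and one that does not exist.
    base = tempfile.mkdtemp()
    good = os.path.join(base, "signing-good")
    bad = os.path.join(base, "signing-bad")
    os.mkdir(good)
    os.chmod(good, 0o700)
    os.mkdir(bad)
    os.chmod(bad, 0o777)
    for p in (good, bad, os.path.join(base, "absent")):
        print(p, audit_signing_dir(p) or "ok")
```

Run it as the account the Nova API service uses, or pass that account's uid as `expected_uid`, against the signing_dir value in the deployed configuration.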